fluentbit: upgrade 3.2.1 -> 3.2.8

Handle CVE-2024-50608 and CVE-2024-50609 (in 3.2.7). Drop two patches addressed upstream. Refresh remaining patches. zstd is now bundled without possibility to unbundle. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-05-30 00:50:00 +00:00 · 2025-03-14 21:50:30 +01:00
parent f342e18d83
commit 9850bfc551
5 changed files with 11 additions and 112 deletions
@@ -70,8 +70,8 @@ diff --git a/lib/ctraces/CMakeLists.txt b/lib/ctraces/CMakeLists.txt
 index e47ba022d..0ddfd5f97 100644
 --- a/lib/ctraces/CMakeLists.txt
 +++ b/lib/ctraces/CMakeLists.txt
-@@ -30,12 +30,8 @@ set(CTR_VERSION_MINOR  5)
- set(CTR_VERSION_PATCH  7)
+@@ -30,12 +30,8 @@ set(CTR_VERSION_MINOR  6)
+ set(CTR_VERSION_PATCH  0)
 set(CTR_VERSION_STR "${CTR_VERSION_MAJOR}.${CTR_VERSION_MINOR}.${CTR_VERSION_PATCH}")
 
 -# Define __FILENAME__ consistently across Operating Systems
@@ -95,9 +95,9 @@ index 028240bcc..b386cb726 100644
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -Wall -Wextra")
 -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__='\"$$(subst ${CMAKE_SOURCE_DIR}/,,$$(abspath \$$<))\"'")
 -else()
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
- endif()
-+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+endif()
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__FILENAME__=__FILE__")
+-endif()
 
 # Monkey Version
 set(MK_VERSION_MAJOR  1)
@@ -18,7 +18,7 @@ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
 index 8404b65c1..0c7876058 100644
 --- a/src/CMakeLists.txt
 +++ b/src/CMakeLists.txt
-@@ -540,7 +540,7 @@ if(FLB_BINARY)
+@@ -546,7 +546,7 @@ if(FLB_BINARY)
     set(SYSTEMD_UNITDIR  /lib/systemd/system)
   endif()
 
@@ -27,7 +27,7 @@ index 8404b65c1..0c7876058 100644
     set(FLB_SYSTEMD_SCRIPT "${PROJECT_SOURCE_DIR}/init/${FLB_OUT_NAME}.service")
     configure_file(
       "${PROJECT_SOURCE_DIR}/init/systemd.in"
-@@ -548,7 +548,7 @@ if(FLB_BINARY)
+@@ -554,7 +554,7 @@ if(FLB_BINARY)
       )
     install(FILES ${FLB_SYSTEMD_SCRIPT} COMPONENT binary DESTINATION ${SYSTEMD_UNITDIR})
     install(DIRECTORY DESTINATION ${FLB_INSTALL_CONFDIR} COMPONENT binary)
@@ -1,42 +0,0 @@
-From 5f3bfd51851c6700b4dfd2ac25e83e5306b923f8 Mon Sep 17 00:00:00 2001
-From: Patrick Wicki <patrick.wicki@siemens.com>
-Date: Sat, 5 Oct 2024 21:36:12 +0200
-Subject: [PATCH] wasm: avoid cmake try_run when cross-compiling for x86
-
-This fixes building the wasm micro runtime used when enabling wasm
-support in fluentbit.
-cmake try_run does not work when cross-compiling because the test program
-cannot be executed:
-
-| CMake Error: try_run() invoked in cross-compiling mode, please set the following cache variables appropriately:
-|    TEST_WRGSBASE_RESULT (advanced)
-| For details see .../fluentbit/3.1.9/build/TryRunResults.cmake
-|      Write linear memory base addr to x86 GS register disabled
-| -- Configuring incomplete, errors occurred!
-
-Since we cannot run the test program, assume that the instruction is not
-available and disable the option.
-
-This patch is no longer needed once fluentbit updates WAMR, as it's been
-fixed in https://github.com/bytecodealliance/wasm-micro-runtime/pull/3066.
-
-Upstream-Status: Pending [https://github.com/fluent/fluent-bit/pull/8744]
-
-Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
---
- .../build-scripts/config_common.cmake                           | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake b/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake
-index e73ebc85f..c2504e007 100644
--- a/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake
-+++ b/lib/wasm-micro-runtime-WAMR-1.3.0/build-scripts/config_common.cmake
-@@ -408,7 +408,7 @@ if (WAMR_BUILD_STATIC_PGO EQUAL 1)
-   add_definitions (-DWASM_ENABLE_STATIC_PGO=1)
-   message ("     AOT static PGO enabled")
- endif ()
-if (WAMR_DISABLE_WRITE_GS_BASE EQUAL 1)
-+if (WAMR_DISABLE_WRITE_GS_BASE EQUAL 1 OR CMAKE_CROSSCOMPILING)
-   add_definitions (-DWASM_DISABLE_WRITE_GS_BASE=1)
-   message ("     Write linear memory base addr to x86 GS register disabled")
- elseif (WAMR_BUILD_TARGET STREQUAL "X86_64"
@@ -1,56 +0,0 @@
-From 2e39a3cea7d03721298e90fad70560c541b092a5 Mon Sep 17 00:00:00 2001
-From: Thomas Devoogdt <thomas@devoogdt.com>
-Date: Sat, 16 Nov 2024 20:55:37 +0100
-Subject: [PATCH] cprof_encode_text.c: fix wrong pointer assignment
-
-Fix cprofiles build.
-
-Upstream-Status: Submitted [https://github.com/fluent/cprofiles/pull/3]
-
-Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
-Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
---
- lib/cprofiles/src/cprof_encode_text.c | 6 +++---
- lib/cprofiles/src/cprof_profile.c     | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/lib/cprofiles/src/cprof_encode_text.c b/lib/cprofiles/src/cprof_encode_text.c
-index 218a72b5b..ab2d6247d 100644
--- a/lib/cprofiles/src/cprof_encode_text.c
-+++ b/lib/cprofiles/src/cprof_encode_text.c
-@@ -1909,7 +1909,7 @@ static int encode_cprof_resource_profiles(
-                 struct cprof_resource_profiles *instance) {
-     int result;
-     struct cfl_list             *iterator;
-    struct cprof_scope_profile *scope_profile;
-+    struct cprof_scope_profiles *scope_profiles;
- 
-     result = encode_string(context,
-                             CFL_TRUE,
-@@ -1958,11 +1958,11 @@ static int encode_cprof_resource_profiles(
- 
-         cfl_list_foreach(iterator,
-                          &instance->scope_profiles) {
-            scope_profile = cfl_list_entry(
-+            scope_profiles = cfl_list_entry(
-                                 iterator,
-                                 struct cprof_scope_profiles, _head);
- 
-            result = encode_cprof_scope_profiles(context, scope_profile);
-+            result = encode_cprof_scope_profiles(context, scope_profiles);
- 
-             if (result != CPROF_ENCODE_TEXT_SUCCESS) {
-                 return result;
-diff --git a/lib/cprofiles/src/cprof_profile.c b/lib/cprofiles/src/cprof_profile.c
-index 66d62b361..d059d0376 100644
--- a/lib/cprofiles/src/cprof_profile.c
-+++ b/lib/cprofiles/src/cprof_profile.c
-@@ -98,7 +98,7 @@ void cprof_profile_destroy(struct cprof_profile *instance)
-     struct cfl_list             *iterator_backup;
-     struct cprof_attribute_unit *attribute_unit;
-     struct cprof_value_type     *value_type;
-    struct cprof_mapping        *location;
-+    struct cprof_location        *location;
-     struct cprof_function       *function;
-     struct cfl_list             *iterator;
-     struct cprof_mapping        *mapping;
@@ -17,14 +17,12 @@ DEPENDS = "\
 "
 DEPENDS:append:libc-musl = " fts"

-SRCREV = "600b5a955b5ef7b9d025e0c128432260d0c6a5f1"
+SRCREV = "d13e8e4ab2029fa92600b7d1d0da28f8dcc350eb"
 SRC_URI = "\
-    git://github.com/fluent/fluent-bit.git;branch=master;protocol=https \
+    git://github.com/fluent/fluent-bit.git;branch=3.2;protocol=https \
    file://0001-lib-Do-not-use-private-makefile-targets-in-CMakelist.patch \
    file://0002-flb_info.h.in-Do-not-hardcode-compilation-directorie.patch \
    file://0003-CMakeLists.txt-Revise-init-manager-deduction.patch \
-    file://0004-wasm-avoid-cmake-try_run-when-cross-compiling.patch \
-    file://0005-cprof_encode_text.c-fix-wrong-pointer-assignment.patch \
 "
 SRC_URI:append:libc-musl = "\
    file://0004-chunkio-Link-with-fts-library-with-musl.patch \
@@ -114,9 +112,8 @@ PACKAGECONFIG[windows-defaults] = "-DFLB_WINDOWS_DEFAULTS=Yes,-DFLB_WINDOWS_DEFA
 # individual plugins then to enable (e.g. using EXTRA_OECMAKE:append = " -DFLB_FOOBAR=ON")
 PACKAGECONFIG[minimal] = "-DFLB_MINIMAL=Yes,-DFLB_MINIMAL=No"

-# Without zstd dependency, kafka plugin build fails at link attempt against native libzstd.so
-PACKAGECONFIG[in-kafka] = "-DFLB_IN_KAFKA=ON,-DFLB_IN_KAFKA=OFF,librdkafka zstd curl"
-PACKAGECONFIG[out-kafka] = "-DFLB_OUT_KAFKA=ON,-DFLB_OUT_KAFKA=OFF,librdkafka zstd curl"
+PACKAGECONFIG[in-kafka] = "-DFLB_IN_KAFKA=ON,-DFLB_IN_KAFKA=OFF,librdkafka curl"
+PACKAGECONFIG[out-kafka] = "-DFLB_OUT_KAFKA=ON,-DFLB_OUT_KAFKA=OFF,librdkafka curl"

 SYSTEMD_SERVICE:${PN} = "fluent-bit.service"